You are a SOC Analyst working at a company that is deploying Azure Sentinel. You are responsible for performing log data analysis to search for malicious activity, display visualizations, and perform threat hunting. 
To query log data, you use the Kusto Query Language (KQL). Often fields in a table store structured and unstructured string data. You write KQL statements to extract and manipulate data stored in these fields. 
Which KQL declaration shall you use parsing external info into a virtual table?

Answer options:

A.externaldata
B.parse_json
C.extract
D.expand

Correct Answer: A
Option A is correct. Use the externaldata operator to create a virtual table from an external source.
Option B & D is incorrect. This function will parse JSON data already imported.
Option C is incorrect. This function will extract data from a string field using a regular expression.
Reference: 

https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/externaldata-operator